CIO Update

As you read this issue of our newsletter, I would like to direct your attention to a few stories that highlight some recent developments.

This October marked the 10th anniversary of observing National Cyber Security Awareness month. The Office of Information Technology and American University takes information security and managing the risk to digital data and devices seriously. When I began as CIO in January 2007, the first position I requested to help mature our organization was the creation of a Chief Information Security Officer (CISO) position to provide leadership and focus on building the university's information security program.

Since then, the technology landscape has changed dramatically. The number of services our OIT provides has grown significantly, as well as the average number of devices each staff, student, and faculty member uses. From a criminal perspective, this means there are many more opportunities or targets to go after, as platforms and applications have increased; and data is now in many more places and accessed from a variety of devices—personally owned and university owned.

Cyber attacks can be broken into two broad categories, those that exploit system vulnerabilities and those that exploit the trust of individuals. We must work as a community and remain vigilant to reduce the risk of falling victim to the relentless attacks of cyber criminals that are coming at us by the thousands each day. We all have some responsibility to protect ourselves as well as others, by staying informed and aware, as well as keeping our systems patched and up to date.

Last month, we wrote to the campus to tell them of a Phishing scheme that occurred in which two members of our community fell victim by providing their username and passwords, which were used to login to the Portal and fraudulently change their direct deposit instructions. This incident was not the result of vulnerability in our technology systems; rather it was a sophisticated social attack exploiting the trust of our community members.

With regard to the incident, we have made changes to our Direct Deposit process, are announcing a new look to our Portal login page, and will continue to look for ways to increase our security awareness program throughout the year. Our information security team are available to give security briefs at your staff meetings, lunch and learns, or support faculty as guest lecturers in their classes.

In addition to numerous topics on security, this newsletter will also highlight some recent innovations, such as: our new and improved wireless network, the need to move off of Windows XP as it will no longer be supported in the near future, our new admissions systems that are rolling out for graduate and even undergraduate programs, and some exciting new dashboards being launched as part of our new Business Intelligence program.

Lastly, it is a real pleasure for me to share that AU has been recognized by Computerworld as one of the top places to work in the IT area. I am committed to creating a great environment for my staff to work and AU is a great help with this goal as the institution has put together an excellent benefit package that placed us 5th in this category out of the top 100 institutions recognized.

I invite you to read our newsletter and feel free to let me know how we are doing. Please share any ideas you may have for improvements to our IT systems and services.